CVE-2017-5534
8.8
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TIBCO Software Inc. | tibbr Community | 5.2.1 and below | affected |
| TIBCO Software Inc. | tibbr Community | 6.0.0 | affected |
| TIBCO Software Inc. | tibbr Community | 6.0.1 | affected |
| TIBCO Software Inc. | tibbr Community | 7.0.0 | affected |
| TIBCO Software Inc. | tibbr Enterprise | 5.2.1 and below | affected |
| TIBCO Software Inc. | tibbr Enterprise | 6.0.0 | affected |
| TIBCO Software Inc. | tibbr Enterprise | 6.0.1 | affected |
| TIBCO Software Inc. | tibbr Enterprise | 7.0.0 | affected |
Weaknesses
- The impact of this vulnerability includes the ability to execute arbitrary code with the privileges of the user that invoked the tibbr server.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.